<?php
// File: $Id: sections.php,v 1.18 2001/12/04 18:30:10 gregorrothfuss Exp $ $Name: $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file:
// Purpose of file:
// ----------------------------------------------------------------------
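// Refuse requests that did not arrive through admin.php.
// NOTE(review): this is only a case-insensitive substring test on $PHP_SELF,
// a request-derived value, so treat it as a convenience guard rather than
// access control; the authorised() checks in this file gate each operation.
// preg_match() is used instead of eregi() (removed in PHP 7), and the dot is
// escaped so it matches a literal "." rather than any character.
if (!preg_match('/admin\.php/i', $PHP_SELF)) {
    die ("Access Denied");
}
$hlpfile = "manual/sections.html";
modules_get_language();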
/*********************************************************/
/* Sections Manager Functions */
/*********************************************************/
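/**
 * Render the Sections administration overview page.
 *
 * Depending on what authorised() grants, prints the list of existing
 * sections, the "add article" form, the most recent articles and the
 * "add section" form, between header.php and footer.php.
 *
 * Values read back from the database are HTML-escaped before being echoed,
 * so stored section names and article titles cannot inject markup into the
 * admin page.
 */
function sections()
{
    global $hlpfile, $admart, $pntable, $currentlang, $dbconn;

    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._SECTIONSADMIN."</b></font></center>";
    CloseTable();
    echo "<br>";

    // Defined up front so the "add article" permission check below never
    // reads an undefined variable when the section list was not printed.
    $secname = '';

    $column = &$pntable['sections_column'];
    $result = $dbconn->Execute("SELECT $column[secid], $column[secname]
        FROM $pntable[sections] ORDER BY $column[secid]");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }

    if (!$result->EOF) {
        // Current sections
        if (authorised(0, 'Sections::Section', ':', ACCESS_EDIT)) {
            OpenTable();
            echo "<center><b>"._ACTIVESECTIONS."</b><br><font class=\"pn-normal\">"._CLICK2EDITSEC."</font></center><br>"
                ."<table border=0 width=100% align=center cellpadding=1 align=\"center\"><tr><td align=center>";
            while (!$result->EOF) {
                list($secid, $secname) = $result->fields;
                // The raw name is used for the permission instance, the
                // escaped one for output.
                if (authorised(0, 'Sections::Section', "$secname:$secid", ACCESS_EDIT)) {
                    echo "<strong><big>·</big></strong> <a href=\"admin.php?op=sectionedit&secid=$secid\">"
                        .htmlspecialchars($secname, ENT_QUOTES)."</a>";
                }
                $result->MoveNext();
            }
            echo "</td></tr></table>";
            CloseTable();
            echo "<br>";
        }

        // Add article
        // NOTE(review): $secname here is whatever the section loop above left
        // behind (the last section, or '' when that loop did not run), so this
        // check is tied to one arbitrary section - confirm the intended instance.
        if (authorised(0, 'Sections::Article', ":$secname:", ACCESS_ADD)) {
            OpenTable();
            echo "<center><font class=\"pn-title\"><b>"._ADDSECARTICLE."</b></font></center><br>"
                ."<form action=\"admin.php\" method=\"post\">"
                ."<b>"._TITLE."</b><br>"
                ."<input type=\"text\" name=\"title\" size=\"60\"><br><br>"
                ."<b>"._SELSECTION.":</b><br>";
            $column = &$pntable['sections_column'];
            $result = $dbconn->Execute("SELECT $column[secid], $column[secname]
                FROM $pntable[sections] ORDER BY $column[secid]");
            if (!$result) {
                PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
                die();
            }
            while (!$result->EOF) {
                list($secid, $secname) = $result->fields;
                if (authorised(0, 'Sections::Section', "$secname::$secid", ACCESS_ADD)) {
                    echo "<input type=\"radio\" name=\"secid\" value=\"$secid\"> "
                        .htmlspecialchars($secname, ENT_QUOTES)."<br>";
                }
                $result->MoveNext();
            }
            echo "<font class=\"pn-normal\">"._DONTSELECT."</font><br>";
            echo "<br><br><b>"._LANGUAGE.": </b>"
                ."<select name=\"slanguage\">";
            $lang = languagelist();
            $sel_lang = array();
            $sel_lang[$currentlang] = ' selected';
            print '<option value="">'._ALL.'</option>';

            // Offer only languages that have a directory under language/ and
            // an entry in languagelist().
            $langlist = array();
            $handle = opendir('language');
            if ($handle) {
                // Strict comparison: an entry named "0" must not end the loop.
                while (false !== ($f = readdir($handle))) {
                    if (is_dir("language/$f") && !empty($lang[$f])) {
                        $langlist[$f] = $lang[$f];
                    }
                }
                closedir($handle);
            }
            asort($langlist);
            foreach ($langlist as $k => $v) {
                $selected = isset($sel_lang[$k]) ? $sel_lang[$k] : '';
                print "<option value=\"$k\"$selected>$v</option>\n";
            }
            print '</select>';
            echo "<br><br><b>"._CONTENT."</b><br>"
                ."<textarea name=\"content\" cols=\"60\" rows=\"10\"></textarea><br>"
                ."<font class=\"pn-normal\">"._PAGEBREAK."</font><br><br>"
                ."<input type=\"hidden\" name=\"op\" value=\"secarticleadd\">"
                ."<input type=\"submit\" value=\""._ADDARTICLE."\">"
                ."</form>";
            CloseTable();
            echo "<br>";
        }

        // Show current articles
        if (authorised(0, 'Sections::Article', '::', ACCESS_EDIT)) {
            OpenTable();
            echo "<center><font class=\"pn-title\"><b>"._LAST." $admart "._ARTICLES."</b></font></center><br>"
                ."<ul>"; /* ML added slanguage for display */
            $column = &$pntable['seccont_column'];
            $query = buildSimpleQuery ('seccont', array ('artid', 'secid', 'title', 'content', 'slanguage' ), '', "$column[artid] DESC", $admart);
            $result = $dbconn->Execute($query);
            if (!$result) {
                PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
                die();
            }
            $secColumn = &$pntable['sections_column'];
            while (!$result->EOF) {
                list($artid, $secid, $title, $content, $slanguage) = $result->fields;
                // Look up the name of the section this article belongs to.
                // The id is forced to an integer before it enters the query.
                $lookupId = (int)$secid;
                $result2 = $dbconn->Execute("SELECT $secColumn[secid], $secColumn[secname]
                    FROM $pntable[sections]
                    WHERE $secColumn[secid]='$lookupId'");
                if (!$result2) {
                    PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
                    die();
                }
                list($secid, $secname) = $result2->fields;
                if (authorised(0, 'Sections::Article', "$title:$secname:$artid", ACCESS_EDIT)) {
                    echo "<li>".htmlspecialchars($title, ENT_QUOTES)
                        ." - (".htmlspecialchars($slanguage, ENT_QUOTES)
                        .") - (".htmlspecialchars($secname, ENT_QUOTES)
                        .") [ <a href=\"admin.php?op=secartedit&artid=$artid\">"._EDIT."</a> ";
                    if (authorised(0, 'Sections::Article', "$title:$secname:$artid", ACCESS_DELETE)) {
                        echo "| <a href=\"admin.php?op=secartdelete&artid=$artid&ok=0\">"._DELETE."</a> ";
                    }
                    echo "]";
                }
                $result->MoveNext();
            }
            echo "</ul>"
                ."<form action=\"admin.php\" method=\"post\">"
                .""._EDITARTID.": <input type=\"text\" name=\"artid\" size=\"10\"> "
                ."<input type=\"hidden\" name=\"op\" value=\"secartedit\">"
                ."<input type=\"submit\" value=\""._OK."\">"
                ."</form>";
            CloseTable();
            echo "<br>";
        }
    }

    // Add section
    if (authorised(0, 'Sections::Section', "::", ACCESS_ADD)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._ADDSECTION."</b></font></center><br>"
            ."<form action=\"admin.php\" method=\"post\"><br>"
            ."<b>"._SECTIONNAME.":</b><br>"
            ."<input type=\"text\" name=\"secname\" size=\"40\" maxlength=\"40\"><br><br>"
            ."<b>"._SECTIONIMG."</b><br><font class=\"pn-sub\">"._SECIMGEXAMPLE."</font><br>"
            ."<input type=\"text\" name=\"image\" size=\"40\" maxlength=\"50\"><br><br>"
            ."<input type=\"hidden\" name=\"op\" value=\"sectionmake\">"
            ."<INPUT type=\"submit\" value=\""._ADDSECTIONBUT."\">"
            ."</form>";
        CloseTable();
    }
    include("footer.php");
}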
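/**
 * Insert a new article into a section, then redirect to the overview.
 *
 * @param mixed  $secid     Id of the target section (request value).
 * @param string $title     Article title (request value).
 * @param string $content   Article body (request value).
 * @param string $slanguage Language code, or '' for all languages.
 */
function secarticleadd($secid, $title, $content, $slanguage)
{
    global $pntable, $dbconn;

    csrfcheck();

    // $secid was interpolated unquoted into the WHERE clause below, so any
    // non-numeric request value became part of the SQL statement. Forcing an
    // integer closes that; an empty selection becomes 0 instead of producing
    // a malformed query.
    $secid = (int)$secid;

    $column = &$pntable['sections_column'];
    $result = $dbconn->Execute("SELECT $column[secname]
        FROM $pntable[sections] WHERE $column[secid]=$secid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($secname) = $result->fields;

    // The permission instance uses the title as submitted, before quoting.
    if (!authorised(0, 'Sections::Article', "$title:$secname:", ACCESS_ADD)) {
        include 'header.php';
        echo _SECTIONSADDARTICLENOAUTH;
        include 'footer.php';
        return;
    }

    $title = stripslashes(FixQuotes($title));
    $content = stripslashes(FixQuotes($content));
    // $slanguage also lands inside a quoted SQL literal, so it gets the same
    // quoting as title and content instead of being passed through raw.
    $slanguage = stripslashes(FixQuotes($slanguage));

    $column = &$pntable['seccont_column'];
    // FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextid = $dbconn->GenId("{$pntable['seccont']}_SEQ");
    $result = $dbconn->Execute("INSERT INTO $pntable[seccont] ($column[artid],
        $column[secid], $column[title], $column[content],
        $column[counter], $column[slanguage])
        VALUES ($nextid,'$secid','$title','$content','0', '$slanguage')");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    pnRedirect('admin.php?op=sections');
}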
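/**
 * Render the edit form for one section article.
 *
 * Loads the article and its section name, checks ACCESS_EDIT on the
 * "$title:$secname:$artid" instance, then prints a form that posts to
 * op=secartchange.
 *
 * @param mixed $artid Id of the article to edit (request value).
 */
function secartedit($artid)
{
    // $hlpfile and $currentlang are read below; without the global
    // declaration they were undefined inside this function.
    global $pntable, $dbconn, $hlpfile, $currentlang;

    // Request value: force an integer before it reaches SQL or HTML.
    $artid = (int)$artid;

    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._SECTIONSADMIN."</b></font></center>";
    CloseTable();
    echo "<br>";

    $column = &$pntable['seccont_column'];
    $result = $dbconn->Execute("SELECT $column[artid], $column[secid], $column[title],
        $column[content], $column[slanguage]
        FROM $pntable[seccont]
        WHERE $column[artid]='$artid'");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($artid, $secid, $title, $content, $slanguage) = $result->fields;

    // $secid here is the value just read back from the article row.
    $column = &$pntable['sections_column'];
    $result = $dbconn->Execute("SELECT $column[secname]
        FROM $pntable[sections] WHERE $column[secid]=$secid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($secname) = $result->fields;

    if (!authorised(0, 'Sections::Article', "$title:$secname:$artid", ACCESS_EDIT)) {
        echo _SECTIONSEDITARTICLENOAUTH;
        include 'footer.php';
        return;
    }

    OpenTable();
    // Title and content are escaped so quotes or markup in the stored text
    // cannot break out of the attribute / textarea.
    echo "<center><font class=\"pn-title\"><b>"._EDITARTICLE."</b></font></center><br>"
        ."<form action=\"admin.php\" method=\"post\">"
        ."<b>"._TITLE."</b><br>"
        ."<input type=\"text\" name=\"title\" size=\"60\" value=\"".htmlspecialchars($title, ENT_QUOTES)."\"><br><br>"
        ."<b>"._SELSECTION.":</b><br>";

    $column = &$pntable['sections_column'];
    $result2 = $dbconn->Execute("SELECT $column[secid], $column[secname]
        FROM $pntable[sections] ORDER BY $column[secname]");
    if (!$result2) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    while (!$result2->EOF) {
        // Separate loop variables: $secname must keep the article's own
        // section name for the delete-permission check further down.
        list($secid2, $optionName) = $result2->fields;
        $che = ($secid2 == $secid) ? "checked" : "";
        echo "<input type=\"radio\" name=\"secid\" value=\"$secid2\" $che>"
            .htmlspecialchars($optionName, ENT_QUOTES)."<br>";
        $result2->MoveNext();
    }

    echo "<br><br><b>"._LANGUAGE.": </b>" /* ML added dropdown , currentlang is pre-selected */
        ."<select name=\"slanguage\">";
    $lang = languagelist();
    $sel_lang = array();
    $sel_lang[$currentlang] = ' selected';
    echo '<option value="">'._ALL.'</option>';

    // Offer only languages that have a directory under language/ and an
    // entry in languagelist().
    $langlist = array();
    $handle = opendir('language');
    if ($handle) {
        // Strict comparison: an entry named "0" must not end the loop.
        while (false !== ($f = readdir($handle))) {
            if (is_dir("language/$f") && !empty($lang[$f])) {
                $langlist[$f] = $lang[$f];
            }
        }
        closedir($handle);
    }
    asort($langlist);
    foreach ($langlist as $k => $v) {
        $selected = isset($sel_lang[$k]) ? $sel_lang[$k] : '';
        echo "<option value=\"$k\"$selected>$v</option>\n";
    }
    echo '</select>';

    echo "<br><b>"._CONTENT."</b><br>"
        ."<textarea name=\"content\" cols=\"60\" rows=\"10\">".htmlspecialchars($content, ENT_QUOTES)."</textarea><br><br>"
        ."<input type=\"hidden\" name=\"artid\" value=\"$artid\">"
        ."<input type=\"hidden\" name=\"op\" value=\"secartchange\">"
        ."<input type=\"submit\" value=\""._SAVECHANGES."\">";
    // Same instance format as the edit check above and as secartdelete();
    // the previous "$secname:$secid:$artid" used a section name that the
    // radio loop had already overwritten.
    if (authorised(0, 'Sections::Article', "$title:$secname:$artid", ACCESS_DELETE)) {
        echo " [ <a href=\"admin.php?op=secartdelete&artid=$artid&ok=0\">"._DELETE."</a> ]";
    }
    echo "</form>";
    CloseTable();
    include("footer.php");
}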
/**
 * Create a new section and redirect back to the sections overview.
 *
 * Runs csrfcheck(), requires ACCESS_ADD on the "$secname::" instance, passes
 * both values through FixQuotes()/stripslashes() and inserts the row under an
 * id obtained from GenId().
 *
 * @param string $secname Name of the new section (request value).
 * @param string $image   Image file name for the section (request value).
 */
function sectionmake($secname, $image)
{
    global $pntable, $dbconn;

    csrfcheck();

    $mayAdd = authorised(0, 'Sections::Section', "$secname::", ACCESS_ADD);
    if (!$mayAdd) {
        include 'header.php';
        echo _SECTIONSADDNOAUTH;
        include 'footer.php';
        return;
    }

    // Quote both values for use inside SQL string literals.
    $secname = stripslashes(FixQuotes($secname));
    $image = stripslashes(FixQuotes($image));

    $cols = &$pntable['sections_column'];
    // FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextid = $dbconn->GenId($pntable['sections'] . "_SEQ");

    $sql = sprintf(
        "INSERT INTO %s (%s,\n%s, %s)\nVALUES (%s,'%s', '%s')",
        $pntable['sections'],
        $cols['secid'],
        $cols['secname'],
        $cols['image'],
        $nextid,
        $secname,
        $image
    );
    $inserted = $dbconn->Execute($sql);
    if (!$inserted) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }

    pnRedirect('admin.php?op=sections');
}
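/**
 * Render the edit page for one section.
 *
 * Shows the section image, the number of attached articles, a selector that
 * jumps to op=secartedit, and a form that posts the section name and image
 * to op=sectionchange.
 *
 * @param mixed $secid Id of the section to edit (request value).
 */
function sectionedit($secid)
{
    // $hlpfile is read below; without the global declaration it was
    // undefined inside this function.
    global $pntable, $dbconn, $hlpfile;

    // $secid was interpolated unquoted into three queries; forcing an
    // integer keeps request data out of the SQL text.
    $secid = (int)$secid;

    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._SECTIONSADMIN."</b></font></center>";
    CloseTable();
    echo "<br>";

    $column = &$pntable['sections_column'];
    $result = $dbconn->Execute("SELECT $column[secname], $column[image]
        FROM $pntable[sections]
        WHERE $column[secid]=$secid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($secname, $image) = $result->fields;
    $result->Close();

    if (!authorised(0, 'Sections::Section', "$secname::$secid", ACCESS_EDIT)) {
        echo _SECTIONSEDITNOAUTH;
        include 'footer.php';
        return;
    }

    // Count the articles attached to this section.
    $column = &$pntable['seccont_column'];
    $result2 = $dbconn->Execute("SELECT COUNT(*)
        FROM $pntable[seccont]
        WHERE $column[secid]=$secid");
    if (!$result2) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($number) = $result2->fields;
    $result2->Close();

    // Stored values are escaped once here and reused in text and attribute
    // positions below; the raw values stay in use for permission checks.
    $secnameHtml = htmlspecialchars($secname, ENT_QUOTES);
    $imageHtml = htmlspecialchars($image, ENT_QUOTES);

    OpenTable();
    echo "<img src=\"images/sections/$imageHtml\" border=\"0\" alt=\"\"><br><br>"
        ."<font class=\"pn-title\"><b>"._EDITSECTION.": $secnameHtml</b></font>"
        ."<br>("._SECTIONHAS." $number "._ARTICLESATTACH.")"
        ."<br><br>"
        ."<form action=\"admin.php\" name=\"secarted\" method=\"post\">"
        ."<select name=\"artid\">";

    $column = &$pntable['seccont_column'];
    $result = $dbconn->Execute("SELECT $column[artid], $column[title]
        FROM $pntable[seccont]
        WHERE $column[secid]=$secid ORDER BY $column[artid]");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    while (!$result->EOF) {
        list($artid, $title) = $result->fields;
        $result->MoveNext();
        if (authorised(0, 'Sections::Article', "$title:$secname:$artid", ACCESS_EDIT)) {
            echo "<option value=\"$artid\">".htmlspecialchars($title, ENT_QUOTES)."</option>";
        }
    }
    $result->Close();

    echo "</select> "
        ."<input type=\"hidden\" name=\"op\" value=\"secartedit\">"
        ."<input type=\"submit\" value=\""._OK."\">"
        ."</form><br>"
        ."<form action=\"admin.php\" method=\"post\">"
        ."<b>"._SECTIONNAME."</b><br><font class=\"pn-sub\">"._40CHARSMAX."</font><br>"
        ."<input type=\"text\" name=\"secname\" size=\"40\" maxlength=\"40\" value=\"$secnameHtml\"><br><br>"
        ."<b>"._SECTIONIMG."</b><br><font class=\"pn-sub\">"._SECIMGEXAMPLE."</font><br>"
        ."<input type=\"text\" name=\"image\" size=\"40\" maxlength=\"50\" value=\"$imageHtml\"><br><br>"
        ."<input type=\"hidden\" name=\"secid\" value=\"$secid\">"
        ."<input type=\"hidden\" name=\"op\" value=\"sectionchange\">"
        ."<input type=\"submit\" value=\""._SAVECHANGES."\">";
    if (authorised(0, 'Sections::Section', "$secname::$secid", ACCESS_DELETE)) {
        echo " [ <a href=\"admin.php?op=sectiondelete&secid=$secid&ok=0\">"._DELETE."</a> ]";
    }
    echo "</form>";
    CloseTable();
    include("footer.php");
}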
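/**
 * Update the name and image of an existing section, then redirect to the
 * sections overview.
 *
 * @param mixed  $secid   Id of the section to update (request value).
 * @param string $secname New section name (request value).
 * @param string $image   New image file name (request value).
 */
function sectionchange($secid, $secname, $image)
{
    global $pntable, $dbconn;

    csrfcheck();

    // $secid was interpolated unquoted into the UPDATE's WHERE clause;
    // forcing an integer keeps request data out of the SQL text and also
    // normalises the id used in the permission instance.
    $secid = (int)$secid;

    // NOTE(review): the instance is built from the submitted name, not the
    // name currently stored for this section - confirm that is intended.
    if (!authorised(0, 'Sections::Section', "$secname::$secid", ACCESS_EDIT)) {
        include 'header.php';
        echo _SECTIONSEDITNOAUTH;
        include 'footer.php';
        return;
    }

    $secname = stripslashes(FixQuotes($secname));
    $image = stripslashes(FixQuotes($image));

    $column = &$pntable['sections_column'];
    $result = $dbconn->Execute("UPDATE $pntable[sections]
        SET $column[secname]='$secname', $column[image]='$image'
        WHERE $column[secid]=$secid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    pnRedirect('admin.php?op=sections');
}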
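/**
 * Save changes to an existing section article, then redirect to the
 * sections overview.
 *
 * @param mixed  $artid     Id of the article to update (request value).
 * @param mixed  $secid     Id of the section to file it under (request value).
 * @param string $title     New title (request value).
 * @param string $content   New body (request value).
 * @param string $slanguage Language code, or '' for all languages.
 */
function secartchange($artid, $secid, $title, $content, $slanguage)
{
    global $pntable, $dbconn;

    csrfcheck();

    // Both ids come from the request. $artid was interpolated unquoted and
    // $secid unescaped; integers keep request data out of the SQL text.
    $artid = (int)$artid;
    $secid = (int)$secid;

    // Have to get old title/sectionname
    $column = &$pntable['sections_column'];
    $contcolumn = &$pntable['seccont_column'];
    $result = $dbconn->Execute("SELECT $column[secname], $contcolumn[title]
        FROM $pntable[sections], $pntable[seccont]
        WHERE $contcolumn[artid]=$artid
        AND $column[secid] = $contcolumn[secid]");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($secname, $orig_title) = $result->fields;
    $result->Close();

    // Authorise against the article as it is stored. The stored title was
    // fetched for this purpose but the check used the submitted title, so
    // the caller could choose the instance being checked. This now matches
    // what secartedit() and secartdelete() check.
    if (!authorised(0, 'Sections::Article', "$orig_title:$secname:$artid", ACCESS_EDIT)) {
        include 'header.php';
        echo _SECTIONSEDITARTICLENOAUTH;
        include 'footer.php';
        return;
    }

    $title = stripslashes(FixQuotes($title));
    $content = stripslashes(FixQuotes($content));
    // $slanguage also lands inside a quoted SQL literal, so it gets the same
    // quoting as title and content instead of being passed through raw.
    $slanguage = stripslashes(FixQuotes($slanguage));

    $column = &$pntable['seccont_column'];
    $result = $dbconn->Execute("UPDATE $pntable[seccont]
        SET $column[secid]='$secid', $column[title]='$title',
        $column[content]='$content',
        $column[slanguage]='$slanguage'
        WHERE $column[artid]=$artid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    pnRedirect('admin.php?op=sections');
}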
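/**
 * Delete a section and all of its articles, or show the confirmation page.
 *
 * With $ok == 1 the rows are deleted and the user is redirected to the
 * overview; otherwise a Yes/No confirmation is printed.
 *
 * @param mixed $secid Id of the section to delete (request value).
 * @param mixed $ok    1 to perform the deletion, anything else to confirm.
 */
function sectiondelete($secid, $ok=0)
{
    // $hlpfile is read below; without the global declaration it was
    // undefined inside this function.
    global $pntable, $dbconn, $hlpfile;

    csrfcheck();

    // $secid was interpolated unquoted into the lookup query; forcing an
    // integer keeps request data out of the SQL text.
    $secid = (int)$secid;

    $column = &$pntable['sections_column'];
    $result = $dbconn->Execute("SELECT $column[secname]
        FROM $pntable[sections]
        WHERE $column[secid]=$secid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($secname) = $result->fields;
    $result->Close();

    // The instance previously ended in the undefined variable $sec, so the
    // section id never took part in the delete-permission check.
    if (!authorised(0, 'Sections::Section', "$secname::$secid", ACCESS_DELETE)) {
        include 'header.php';
        echo _SECTIONSDELNOAUTH;
        include 'footer.php';
        return;
    }

    if ($ok==1) {
        // Array keys are quoted inside {...}: unquoted, they are parsed as
        // constants there rather than as string keys.
        $result = $dbconn->Execute("DELETE FROM $pntable[seccont]
            WHERE {$pntable['seccont_column']['secid']}='$secid'");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        $result = $dbconn->Execute("DELETE FROM $pntable[sections]
            WHERE {$pntable['sections_column']['secid']}='$secid'");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        pnRedirect('admin.php?op=sections');
    } else {
        include("header.php");
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._SECTIONSADMIN."</b></font></center>";
        CloseTable();
        echo "<br>";
        // $secname was already loaded by the identical query above, so it is
        // reused here; it is escaped because it is a stored, user-entered value.
        OpenTable();
        echo "<center><b>"._DELSECTION.": ".htmlspecialchars($secname, ENT_QUOTES)."</b><br><br>\n";
        echo "<table><tr><td>\n";
        echo myTextForm("admin.php?op=sections", _NO);
        echo "</td><td>\n";
        echo myTextForm("admin.php?op=sectiondelete&secid=$secid&ok=1", _YES);
        echo "</td></tr></table>\n";
        echo "</center>\n";
        CloseTable();
        include("footer.php");
    }
}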
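/**
 * Delete one section article, or show the confirmation page.
 *
 * With $ok == 1 the row is deleted and the user is redirected to the
 * overview; otherwise a Yes/No confirmation is printed.
 *
 * @param mixed $artid Id of the article to delete (request value).
 * @param mixed $ok    1 to perform the deletion, anything else to confirm.
 */
function secartdelete($artid, $ok=0)
{
    // $hlpfile is read below; without the global declaration it was
    // undefined inside this function.
    global $pntable, $dbconn, $hlpfile;

    csrfcheck();

    // $artid was interpolated unquoted into two queries; forcing an integer
    // keeps request data out of the SQL text.
    $artid = (int)$artid;

    $column = &$pntable['sections_column'];
    $contcolumn = &$pntable['seccont_column'];
    $result = $dbconn->Execute("SELECT $column[secname], $contcolumn[title]
        FROM $pntable[sections], $pntable[seccont]
        WHERE $contcolumn[artid]=$artid
        AND $column[secid] = $contcolumn[secid]");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($secname, $title) = $result->fields;
    $result->Close();

    if (!authorised(0, 'Sections::Article', "$title:$secname:$artid", ACCESS_DELETE)) {
        include 'header.php';
        echo _SECTIONSDELARTICLENOAUTH;
        include 'footer.php';
        return;
    }

    if ($ok==1) {
        // Array keys are quoted inside {...}: unquoted, they are parsed as
        // constants there rather than as string keys.
        $result = $dbconn->Execute("DELETE FROM $pntable[seccont]
            WHERE {$pntable['seccont_column']['artid']}='$artid'");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        pnRedirect('admin.php?op=sections');
    } else {
        include("header.php");
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._SECTIONSADMIN."</b></font></center>";
        CloseTable();
        echo "<br>";
        // Re-read the title from the article table alone: the join above
        // returns no row when the article's section id matches no section.
        $column = &$pntable['seccont_column'];
        $result = $dbconn->Execute("SELECT $column[title]
            FROM $pntable[seccont]
            WHERE $column[artid]=$artid");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        list($title) = $result->fields;
        OpenTable();
        // Escaped because the title is a stored, user-entered value.
        echo "<center><b>"._DELARTICLE.": ".htmlspecialchars($title, ENT_QUOTES)."</b><br><br>\n";
        echo "<table><tr><td>\n";
        echo myTextForm("admin.php?op=sections", _NO);
        echo "</td><td>\n";
        echo myTextForm("admin.php?op=secartdelete&artid=$artid&ok=1", _YES);
        echo "</td></tr></table>\n";
        echo "</center>\n";
        CloseTable();
        include("footer.php");
    }
}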
// Dispatch the requested admin operation.
// A user needs ACCESS_EDIT on either the Section or the Article component to
// reach any handler; each handler then performs its own, narrower check.
// NOTE(review): $op and the handler arguments are not assigned in this file;
// presumably the including script (or register_globals) supplies them - confirm.
if (authorised(0, 'Sections::Section', '::', ACCESS_EDIT)
    || authorised(0, 'Sections::Article', '::', ACCESS_EDIT)) {
    switch ($op) {
        case "sections":
            sections();
            break;

        case "sectionedit":
            sectionedit($secid);
            break;

        case "sectionmake":
            sectionmake($secname, $image);
            break;

        case "sectiondelete":
            sectiondelete($secid, $ok);
            break;

        case "sectionchange":
            sectionchange($secid, $secname, $image);
            break;

        case "secarticleadd":
            secarticleadd($secid, $title, $content, $slanguage);
            break;

        case "secartedit":
            secartedit($artid);
            break;

        case "secartchange":
            secartchange($artid, $secid, $title, $content, $slanguage);
            break;

        case "secartdelete":
            secartdelete($artid, $ok);
            break;
    }
} else {
    // Neither component grants edit access: show the refusal page.
    include 'header.php';
    echo _SECTIONSNOAUTH;
    include 'footer.php';
}
?>